colinneagle writes "Samsung built an authenticated boot of the Android operating system to create a trusted runtime environment. This capability has already been integrated into Android, but never implemented by manufacturers because Android developers sometimes build custom boot ROMs to adorn Android with cool features. But to weaken Apple’s hold on the enterprise market and outflank Windows 8, it is a necessary addition if Samsung is going to win over customers in the IT department.
It is unclear at this time which Samsung devices can be secured because Knox requires specific on-chip read-only-memory (ROM) hardware. Using well-understood cryptography techniques, trusted onboard code verifies the very first operating system component that does not reside in ROM, called the boot loader. Using public key encryption, each operating system component is verified against its signature, created with a secure hash algorithm (SHA), until all Android components are loaded and operational. To convert this known runtime environment into a “trusted” runtime environment, Samsung turned to its partner General Dynamics, which said the technology integrated with Samsung is "trusted to protect information classified from the Secret level and below.""
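The verification chain the submission describes, as an added sketch that is not part of the original post and is not Samsung's code. Assumptions: the stage names, the images and the key are constructed; one ROM-anchored public key checks every stage; and the signature is textbook RSA over a SHA-256 digest, so that it runs with the standard library only.

```python
import hashlib

# Toy RSA key built from two Mersenne primes. Constructed for illustration
# only: a real boot ROM anchors a vendor key and uses a padded scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                           # public modulus, anchored in ROM with E
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, never on the device


def digest(image: bytes) -> int:
    """SHA-256 of a component image, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign(image: bytes) -> int:
    """Vendor side: sign the digest of a component image."""
    return pow(digest(image), D, N)


def verify(image: bytes, signature: int) -> bool:
    """Device side: recompute the digest and check it against the signature."""
    return pow(signature, E, N) == digest(image)


def boot(chain):
    """Verify each (name, image, signature) in load order.

    Stops at the first component that fails, so nothing after it runs.
    Returns (stages_run, failed_stage_or_None).
    """
    run = []
    for name, image, signature in chain:
        if not verify(image, signature):
            return run, name
        run.append(name)
    return run, None


def sample_chain():
    """Constructed three-stage chain: boot loader, kernel, system image."""
    images = [("bootloader", b"BL v1"), ("kernel", b"KERNEL v1"),
              ("system", b"SYSTEM v1")]
    return [(name, image, sign(image)) for name, image in images]


if __name__ == "__main__":
    print(boot(sample_chain()))
```

A modified kernel image with its original signature stops the boot after the boot loader, which is why a custom ROM cannot load on such a device without a signature from the vendor key.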